Malte Poll
e9fecec0bc
Only publish release AMIs
2022-11-09 14:29:58 +01:00
Malte Poll
a96f07dbdd
shellcheck upload_aws.sh
2022-11-09 14:29:58 +01:00
Malte Poll
97bb0f4a91
Update terraform lock files to include hashes for all platforms ( #499 )
...
- linux_arm64
- linux_amd64
- darwin_arm64
- darwin_amd64
- windows_amd64
2022-11-09 14:23:51 +01:00
renovate[bot]
9191f8ac61
Update Terraform docker to v2.23.0 ( #495 )
...
* Update Terraform docker to v2.23.0
* Readd removed terraform lock hashes
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Malte Poll <mp@edgeless.systems>
2022-11-09 13:35:17 +01:00
renovate[bot]
1c463bf10b
Update Azure SDK ( #493 )
...
* Update Azure SDK
* [bot] Tidy all modules
* fix breaking changes around New function in Azure SDK
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <renovate[bot]@users.noreply.github.com>
Co-authored-by: Fabian Kammel <fk@edgeless.systems>
2022-11-09 12:09:22 +01:00
Malte Poll
9e12e004bb
Set SELinux from disabled to permissive ( #474 )
2022-11-09 12:04:58 +01:00
renovate[bot]
46a8e8d424
Update google.golang.org/genproto digest to 2d38753 ( #408 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-09 12:03:01 +01:00
renovate[bot]
cf9693af24
Update Google cloud SDK ( #457 )
...
* Update Google cloud SDK
* [bot] Tidy all modules
* migrate from google.golang.org/genproto/googleapis/cloud/kms/v1 to cloud.google.com/go/kms/apiv1/kmspb
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <renovate[bot]@users.noreply.github.com>
Co-authored-by: Fabian Kammel <fk@edgeless.systems>
2022-11-09 11:48:56 +01:00
Leonard Cohnen
3c6d59ce7e
aws: don't flag release as debug images
2022-11-09 11:20:58 +01:00
Leonard Cohnen
97acdfa297
config: align pre-filled AWS measurements
2022-11-09 11:20:58 +01:00
renovate[bot]
c18feaaace
Update lycheeverse/lychee-action action to v1.5.4 ( #492 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-09 11:10:46 +01:00
renovate[bot]
ce0b3a8867
Update module golang.org/x/sys to v0.2.0 ( #491 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-09 11:09:07 +01:00
renovate[bot]
18439fc69b
Update module github.com/docker/docker to v20.10.21+incompatible ( #322 )
...
* Update module github.com/docker/docker to v20.10.21+incompatible
* [bot] Tidy all modules
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <renovate[bot]@users.noreply.github.com>
2022-11-09 11:07:15 +01:00
renovate[bot]
cb7b53a9c9
Update AWS SDK ( #490 )
...
* Update AWS SDK
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: renovate[bot] <renovate[bot]@users.noreply.github.com>
2022-11-09 11:03:06 +01:00
renovate[bot]
5f170709d6
Update k8s.io/utils digest to 8e77b1f ( #489 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-09 10:46:47 +01:00
renovate[bot]
0e34d35404
Update Terraform google to v4.43.0 ( #484 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-09 10:30:02 +01:00
Paul Meyer
d3bad39223
e2e: fix deletion of persisten volumes ( #476 )
...
Co-authored-by: Christoph Meyer <cme@edgeless.systems>
2022-11-09 10:28:34 +01:00
Malte Poll
ac5ad7c378
Clarify Azure Secure Boot / VMGS settings when uploading images ( #488 )
2022-11-09 10:11:23 +01:00
Thomas Tendyck
d3150a80ac
add brief instructions to AWS IAM Terraform script ( #478 )
...
* add brief instructions to AWS IAM Terraform script
* Update README.md
2022-11-08 18:40:30 +01:00
renovate[bot]
34435e4396
Update k8s.io/utils digest to 1a15be2 ( #483 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-08 18:39:51 +01:00
renovate[bot]
05f4b8698b
Update ludeeus/action-shellcheck digest to 6d3f514 ( #485 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-08 18:38:48 +01:00
renovate[bot]
b8acb5e448
Update Terraform aws to v4.38.0 ( #464 )
...
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-08 18:34:45 +01:00
Daniel Weiße
011f9c597d
Bring in changes from release branch ( #479 )
...
* Bump version to v2.2.0
* Update changelog
* Fix release detection in pipeline
* Fix PKI selection in pipeline
* Set enforced measurements for AWS
* Update default images
* Fix release docs
* Update mini-con defaults
* Fix measurements action
* Fix syft env variable naming
Signed-off-by: Daniel Weiße <dw@edgeless.systems>
2022-11-08 18:32:59 +01:00
Fabian Kammel
2b64f31104
release docs for v2.2 ( #482 )
...
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-08 18:25:56 +01:00
Fabian Kammel
598761541b
AWS Docs ( #446 )
...
* document AWS support
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
Co-authored-by: Thomas Tendyck <51411342+thomasten@users.noreply.github.com>
Co-authored-by: Moritz Eckert <m1gh7ym0@gmail.com>
Co-authored-by: Leonard Cohnen <lc@edgeless.systems>
2022-11-08 18:21:09 +01:00
Paul Meyer
46e4ddd8c6
ci: don't run cli reference gen on release branch
...
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-08 17:07:29 +01:00
Malte Poll
499d7a1fdd
AB#2566 RFC for image discoverability (description of image version uid) ( #416 )
...
Co-authored-by: Nils Hanke <Nirusu@users.noreply.github.com>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
2022-11-08 14:04:14 +01:00
Nils Hanke
ee55584b90
AWS: Apply security group to worker nodes
2022-11-08 11:22:06 +01:00
Malte Poll
41668d50c2
Add recovery loadbalancer on AWS
2022-11-08 00:07:04 +01:00
Malte Poll
e07c6ada5c
Backport systemd-resolved fixes for Fedora 36
2022-11-08 00:07:04 +01:00
Malte Poll
899ca91aa3
Move enforced measurement for clusterID to PCR[15] in e2e tests
2022-11-08 00:07:04 +01:00
Malte Poll
2171b9fb31
Install CA certificates in initrd
2022-11-08 00:07:04 +01:00
Malte Poll
0d7e0b44b8
Wait for nss-lookup in initrd
2022-11-08 00:07:04 +01:00
Malte Poll
3e996efb3f
Pass azure image offer from build variable action
2022-11-08 00:07:04 +01:00
Malte Poll
86001daf7f
Install systemd-resolved in dracut to enable DNS
2022-11-08 00:07:04 +01:00
Leonard Cohnen
f09ce515e2
docs: remove constellation-state.json
2022-11-07 19:09:24 +01:00
Leonard Cohnen
152978045c
docker: cache go compiler
2022-11-07 16:17:28 +01:00
Nils Hanke
759c626e0f
AWS: Don't expose SSH debugging ports on the LB
2022-11-07 13:57:22 +01:00
Malte Poll
fa6dfdff4f
Mark externally managed terraform resources to make infrastructure terraform appliable throughout its lifetime ( #442 )
...
* Mark externally managed terraform resources to make infrastructure terraform appliable throughout its lifetime
* Use correct field for nat gateway
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
Co-authored-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
2022-11-07 11:04:10 +01:00
Otto Bittner
a70161730f
Explain unenforced measurements in config ( #445 )
2022-11-07 08:56:57 +01:00
renovate[bot]
efa2fb2fd0
Update anchore/sbom-action action to v0.13.1 ( #463 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-04 17:42:09 +01:00
renovate[bot]
9ecc92e35f
Update dependency kubernetes-sigs/cri-tools to v1.25.0 ( #458 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-04 17:38:52 +01:00
Malte Poll
ed58fcccd3
CI: Add secure boot prod keys ( #462 )
...
* Add production secure boot keys
* Refactor OS build and upload settings
2022-11-04 16:48:52 +01:00
renovate[bot]
5ffdbc9bd6
Update module sigs.k8s.io/controller-runtime to v0.13.1 ( #455 )
...
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2022-11-04 15:57:46 +01:00
3u13r
309a4b5196
cli: remove debug env check for AWS ( #460 )
2022-11-04 15:31:51 +01:00
Fabian Kammel
cf36b85ff9
extend permissions to allow logging ( #461 )
...
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-04 14:56:13 +01:00
Moritz Eckert
69644add5d
Add plausbile to docusaurus ( #456 )
2022-11-04 14:15:34 +01:00
Fabian Kammel
668b4d000b
document usage of iamlive ( #443 )
...
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-04 14:01:23 +01:00
3u13r
4f4cd4cc67
bump verify image 20221104 ( #459 )
2022-11-04 13:56:19 +01:00
Fabian Kammel
04d0c770af
limit aws cluster name len ( #454 )
...
* limit aws cluster name len down to 10, 32-character name limit in AWS
Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2022-11-04 13:35:32 +01:00